American Homeland Security officials have made an official statement informing the public of the cybersecurity issue that occurred in last year’s United States presidential race. Although there is no evidence to indicate that any actual votes were manipulated, there is proof showing that the election-related online systems in 21 states were targeted by Russian cyber hackers.
It has been discovered that Russian intelligence agents hacked a US voting systems manufacturer in the weeks prior to last year’s US presidential election. The revelation was made when 25 year old Reality Leigh Winner, who worked as a federal contractor in Augusta, Georgia, was arrested and charged with the federal crime of removing classified material from a government facility and subsequently sending it to news publications.
Vote-counting is said to have been unaffected by the hacking, however it has been confirmed that the email account of a senior Democrat was also hacked during the campaign. It has been confirmed that Russian military intelligence used a cyber-attacking software to send spear-phishing emails to over a hundred election officials on the day prior to voting.
Despite denials from Russian President Vladimir Putin, the American National Security Agency are convinced that the Russian government are behind the attack, and that the Russian General Staff Main Intelligence Directorate (GRU) planned the federal offence and are behind the 2016 presidential election interference. It is believed that the GRU executed the cyber attack with the aim to access data from elections-related software and hardware solutions. The data obtained was used to initiate a voter registration-themed fraudulent email movement, targeted towards local US government officials and organisation, and while the real reason for these emails is still unknown, it is widely accepted that it was to sway the votes in favour of Donald Trump whilst also causing distrust towards the US electorate system.
Although the true reason for the hacking is unknown and the extent of how much impact the stolen information and forged emails had on the result of the presidential campaign, one thing is for sure, and it’s that the US Government, one of the most secure and cautious governments in the world, was the subject of cyber attack. Not only was the Democratic National Committee (DNC) server hacked, but so was and the personal Google email account of John Podesta, Hillary Clinton’s Campaign Chairman. If something as guarded and strongly protected as the voter-registration system for the presidential election of the United States of America can be penetrated, what does that mean for general online security?
As the digital world continues to evolve, so does the cyber threat environment. Unfortunately as technology and its capabilities advance, so do online fraudsters who seek to exploit these technologies and their level of threat. The cyber attack against the US election has caused a global discussion about the importance of cyber security, and the need for greater data security, and as the threat of cyber attacks increases, so does the demand for more sophisticated online protection.
Security methods such as a VPN (Virtual Private Network), have become a necessity in today’s online environment. Once only used by public internet connections to add security and privacy for public networks or by corporates for an extra level of protection for sensitive data, VPNs are now increasing in popularity for personal use. In a world where face-to-face interaction and transactions are becoming less common, internet precautions that were once considered extreme and/or unnecessary are now a part of daily life.
Whilst the American Government deals with the national outcry from the Russian cyber attack, Britain’s NHS are still recovering from the global cyber attack it fell victim to earlier this year. In May, a ransomware called WannaCry caused a worldwide panic as hundreds of thousands of computers were locked and large amounts of money were demanded in order for the computers to be unlocked. The NHS in the UK is still working to bring its systems back online, after facing public outcry about the strength of its infrastructure after it became the biggest victim of the global ransomware attack.
The repercussions of the attack were severe, which saw many operations cancelled, ambulances being misinformed and important documentation being obstructed. Hundreds of computers at General Practices and hospitals around the country were affected by the malware, which appeared to have adapted technology stolen from the National Security Agency in the US, to block access to files until a ransom was paid.
The ransomware is thought to have affected computers in over 100 different countries, exposing cyber security faults across the globe. It is still unconfirmed whether patient data was lost in the attack, but the NHS has declared a software upgrade is of first priority following the attack.
The WannaCry ransomware was cleverly developed by cyber hackers to exploit a flaw in the Windows operating system. In March, Microsoft responded to the malware by releasing a software update that fixed the problem and prevented the ransomware from overhauling the computer system. However, computers that did not install the security update were left vulnerable.
It has been reported that nearly all NHS trusts were using obsolete versions of Windows, that were in fact so old that Microsoft no longer developed security updates for its model of Windows. It has been speculated that had the NHS updated their systems and been proactive with their malware protection, the incident could have been prevented.
This only goes to further show the importance of installing and retaining high-quality cyber protection on all technological devices, whether it’s for personal or corporate use, and ensuring that your online protection develops and progresses with the capabilities of computer technologies and unfortunately, those that seek to defraud them.